AF:
NF:0
PS:10
SRH:1
SFN:
DSR:
MID:<20090415115313.666beb71@ripper.onstor.net>
CFG:
PT:0
S:andy.sharp@onstor.com
RQ:
SSV:mail.onstor.net
NSV:
SSH:
R:<John.Keiffer@onstor.com>
MAID:1
X-Sylpheed-Privacy-System:
X-Sylpheed-Sign:0
SCF:#mh/Mailbox/sent
RMID:#imap/andys@onstor.net@exch1.onstor.net/INBOX	0	102AB4F33EBBDB4C91915B145C8E9FB31284F9B4C2@exch1.onstor.net
X-Sylpheed-End-Special-Headers: 1
Date: Wed, 15 Apr 2009 11:53:35 -0700
From: Andrew Sharp <andy.sharp@onstor.com>
To: John Keiffer <John.Keiffer@onstor.com>
Subject: Re: SSL Certificate installed on upgrade.onstor.com
Message-ID: <20090415115335.0a280875@ripper.onstor.net>
In-Reply-To: <102AB4F33EBBDB4C91915B145C8E9FB31284F9B4C2@exch1.onstor.net>
References: <102AB4F33EBBDB4C91915B145C8E9FB31284F9B45C@exch1.onstor.net>
	<102AB4F33EBBDB4C91915B145C8E9FB31284F9B4AA@exch1.onstor.net>
	<20090415105020.4fd3856c@ripper.onstor.net>
	<102AB4F33EBBDB4C91915B145C8E9FB31284F9B4AF@exch1.onstor.net>
	<20090415114357.11a344ab@ripper.onstor.net>
	<102AB4F33EBBDB4C91915B145C8E9FB31284F9B4C2@exch1.onstor.net>
Organization: Onstor
X-Mailer: Sylpheed-Claws 2.6.0 (GTK+ 2.8.20; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

I thought the defect was that we set up upgrade.onstor.com to use https.

On Wed, 15 Apr 2009 11:46:25 -0700 John Keiffer
<John.Keiffer@onstor.com> wrote:

> 
> Sorry, I don't get your answer, ie if I should close the defect. It sounds to me like this is expected of 'apt', and therefore won't get fixed. Which means the defect isn't valid for Nexenta?
> 
> 
> -----Original Message-----
> From: Andy Sharp 
> Sent: Wednesday, April 15, 2009 11:44 AM
> To: John Keiffer
> Subject: Re: SSL Certificate installed on upgrade.onstor.com
> 
> Nope, sounds right to me.  I'd be surprised if this had changed in
> apt since the last time I looked.  I'm not sure there's any reason to
> have set up https except that someone on the core team thought we
> should use that instead of http for some paranoid reason.  Ie, I don't
> think the idea to use https came from anyone at nexenta or anything
> like that.
> 
> On Wed, 15 Apr 2009 10:55:54 -0700 John Keiffer
> <John.Keiffer@onstor.com> wrote:
> 
> > A,
> > 
> > I entered this as a stop ship defect. Based on your comments below, I guess its safe to assume this is NOT going to be fixed as it is not a Nexenta thing. 
> > 
> > Should I downgrade the severity by a lot, or just close the defect?
> > 
> > Thanks,
> > John
> > 
> > -----Original Message-----
> > From: Andy Sharp 
> > Sent: Wednesday, April 15, 2009 10:50 AM
> > To: John Keiffer
> > Cc: Arnaldo Roldan; dl-Leopard Core Team
> > Subject: Re: SSL Certificate installed on upgrade.onstor.com
> > 
> > Duh, I don't know why this didn't set off any alarm bells in my head,
> > but I'm already aware there is no https apt method, so no, we can't use
> > https.  We could possibly utilize an encrypted tunnel but do we really
> > need to?  I'm not seeing the need, personally.
> > 
> > On Wed, 15 Apr 2009 10:35:50 -0700 John Keiffer
> > <John.Keiffer@onstor.com> wrote:
> > 
> > > Woah, we may have a real problem here...
> > > 
> > > I was fooling around trying to test the install of Leopard plugins and it looks to me like https will NOT work for the CS site of upgrade.onstor.com! Maybe this is something we can fix or have Nexenta fix? I'm going to file a defect now with them...
> > > 
> > > nmc@Leopard-1:/$ setup appliance repository
> > > Re-read 'APT' service configuration?  Yes
> > > E: The method driver /usr/lib/apt/methods/https could not be found.
> > > Unable to update repository settings. Repository changes reverted.
> > > 
> > > ________________________________
> > > From: Arnaldo Roldan
> > > Sent: Tuesday, April 14, 2009 3:34 PM
> > > To: dl-Leopard Core Team
> > > Subject: SSL Certificate installed on upgrade.onstor.com
> > > 
> > > Greetings,
> > > 
> > > https://upgrade.onstor.com<https://upgrade.onstor.com/> is now sporting a signed SSL certificate. Please report any issues to me.
> > > 
> > > Also, since we have opted for SSL does this mean I should disable non-ssl access to the server?
> > > 
> > > Thanks,
> > > 
> > > Arnaldo
> > > 
